War bus breaks through 802.11 WLans

27 Feb 2002


Users of 802.11 wireless technology continue to leave themselves wide open to simple attack techniques.

Despite repeated warnings that extra measures need to be taken, companies still fail to protect their networks adequately. Network News joined 35 network, IT and security managers on the Portcullis war bus last Friday as it drove through the City of London. The aim was to prove just how easy it is to break into wireless Lans.

Any fears that Paul Docherty, technical director at security company Portcullis, and Geoff Webb, its technical manager, might find nothing after their early bravado were quickly scotched.

Just 57 seconds after rebooting from an immediate system crash, the laptops lit up with the first proof of an insecure network.

The bus was equipped with a worryingly small amount of equipment. Two notebooks - one running Linux and one running Windows 2000, each with a wireless Lan PC card using different chipsets - were running readily available and free software to do the analysis. Ethereal was installed on the Linux machine.

As unprotected WLans were discovered, Docherty gave passengers on the bus a running commentary.

"The SSID of this is set to the Cisco default," he said. "This one is the old Lucent kit default. Oh, and this one is WaveLan PIX - I wonder what that could mean."

Webb joined in. "Here's an interesting one. We've found a network using channel six with an access point password of 'wireless'!"

As the bus drove further we even picked up a Class C internet-visible IP address. "We already have the SSID. All we would have to do is set our card to an unused address in that range and, hey presto, we're in."

A 20-minute drive round the Square Mile picked up 34 different wireless networks. Astonishingly, 19 were not even using WEP. "It wouldn't make much difference if they were, though," said Docherty.

The atmosphere in the bar afterwards varied from horrified to a smug, "Well, that's why we aren't installing wireless technology."

"That was a real eye-opener," said one attendee. "I have to admit I was a bit overawed with the idea of wireless technology and installed first, then worried about it later. I didn't even use encryption. But we got taken over recently and the first thing the new company did was turn off all the wireless equipment."

It is an attitude taken by more and more network managers. The continued security problems faced by wireless technology will have to be sorted out properly. Last week Network News ran a story on the insecurity of the latest wireless security standard. Clearly, there is still a very long way to go.
